Introducing SD-WAN
Welcome to the World of Software-Defined Networking: Demystifying SD-WAN
Hello, everyone! I’m Aha. With my decade of experience working with several service provider organizations, I'm here to guide you through the evolution of the Software-Defined Wide Area Network (SD-WAN) and debunk some of the most common myths surrounding it.
Traditional Routing vs. The Advent of SD-WAN
Traditionally, Multiprotocol Label Switching (MPLS) was widely used for secure network connectivity, with the internet often side-lined due to perceived security issues. But times change, and with it comes the evolution of networking solutions.
What prompted this shift? The inception of the cloud and its myriad applications demanded a move from conventional networking techniques. And yes, security considerations were still crucial. But instead of avoiding the internet, innovative solutions like SD-WAN began to harness it.
The primary drawback of traditional routing was the lack of direct connectivity between branch sites. Data had to pass through a data center, get scrutinized by firewalls, and only then, connect to the internet or other applications.
Enter SD-WAN, a game-changer alleviating this significant limitation. With SD-WAN, the focus shifted from simply connecting routers to connecting applications hosted in the cloud. Internet accessibility became imperative due to both the movement of applications and the need for reduced latency.
How SD-WAN Works: A Dive Into Its Components
The primary constituents of SD-WAN include cloud controllers and edge devices. The cloud controllers take care of the control, management and orchestration planes, while the edge devices handle the data plane.
Before walking through the precise functions of these components, let's debunk a common myth: "MPLS will become obsolete because of SD-WAN." That is a misconception. SD-WAN and MPLS serve different purposes: SD-WAN is a way of managing all WAN devices centrally, while MPLS is a transport medium that sits underneath, separate from SD-WAN. It is true, however, that a client's preference may shift towards the internet after adopting SD-WAN, because applications and infrastructure are moving to the internet.
Laying Out the SD-WAN Architecture
An SD-WAN architecture typically includes the controllers and the edge devices interconnected via secure data tunnels. These tunnels are established over the available transport network, like MPLS or the Internet, forming what's known as an "overlay network".
Once an edge device has made contact with the vBond orchestrator (orchestration plane), it is directed to the vSmart controllers (control plane) and vManage (management plane), which carry out certificate checks and push the device's configuration. Only then can the edge devices establish IPsec tunnels directly with other edge devices, giving reduced latency under central control.
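To make the bring-up order concrete, here is a small Python model of the sequence just described (the edge is admitted by vBond, receives its template from vManage, and gets routes and tunnel peers from vSmart). It is an added illustration, not code from this post or from Cisco/Viptela: the controller roles follow the post, but the certificate exchange is simplified to an HMAC-signed device serial checked against an allow-list, and every name, serial, prefix and address is constructed for the example.

```python
"""Toy model of the SD-WAN bring-up sequence: vBond admits an edge, vManage pushes
its template, vSmart reflects routes and builds the tunnel list per transport.

Added illustration, not code from the post or from Cisco/Viptela. The controller
roles follow the post; the certificate exchange is simplified to an HMAC-signed
device serial checked against an allow-list, and all names and addresses are
constructed for the example."""
import hashlib
import hmac
from dataclasses import dataclass, field

PROVISIONING_KEY = b"constructed-org-key"  # stands in for the organisation's CA trust


def sign_serial(serial: str, key: bytes = PROVISIONING_KEY) -> str:
    """Hypothetical stand-in for the device certificate: HMAC over the serial."""
    return hmac.new(key, serial.encode(), hashlib.sha256).hexdigest()


@dataclass
class Edge:
    name: str
    serial: str
    signature: str
    transports: dict                      # transport name -> WAN address (constructed)
    local_routes: list                    # prefixes advertised from the branch LAN
    config: dict = field(default_factory=dict)
    routes: dict = field(default_factory=dict)   # prefix -> edge that owns it
    tunnels: set = field(default_factory=set)    # (peer edge, transport) pairs


class VManage:
    """Management plane: pushes the pre-built template, replacing local config."""
    def __init__(self, templates):
        self.templates = templates

    def push_config(self, edge):
        edge.config = dict(self.templates.get(edge.name, {}))


class VSmart:
    """Control plane: like a route reflector, redistributes every edge's routes
    and computes which peers each edge can reach over each shared transport."""
    def __init__(self):
        self.edges = []

    def register(self, edge):
        self.edges.append(edge)
        for e in self.edges:
            e.routes = {p: owner.name for owner in self.edges for p in owner.local_routes}
            e.tunnels = {(peer.name, t) for peer in self.edges if peer is not e
                         for t in e.transports if t in peer.transports}


class VBond:
    """Orchestrator: only an edge with an allow-listed, correctly signed serial
    is told where vManage and vSmart are."""
    def __init__(self, allowed_serials, vmanage, vsmart):
        self.allowed = set(allowed_serials)
        self.vmanage, self.vsmart = vmanage, vsmart

    def onboard(self, edge):
        if edge.serial not in self.allowed:
            return None
        if not hmac.compare_digest(sign_serial(edge.serial), edge.signature):
            return None
        self.vmanage.push_config(edge)   # local config is overwritten here
        self.vsmart.register(edge)       # routes and tunnels come from the controller
        return {"vmanage": self.vmanage, "vsmart": self.vsmart}


def build_fabric():
    """Bring up three authorised branches plus one unknown device."""
    vmanage = VManage({"BR1": {"site_id": 1}, "BR2": {"site_id": 2}, "BR3": {"site_id": 3}})
    vsmart = VSmart()
    vbond = VBond(["SN-1", "SN-2", "SN-3"], vmanage, vsmart)
    edges = {
        "BR1": Edge("BR1", "SN-1", sign_serial("SN-1"),
                    {"mpls": "10.0.1.1", "internet": "198.51.100.1"}, ["10.1.0.0/24"],
                    config={"local": "hand-typed"}),
        "BR2": Edge("BR2", "SN-2", sign_serial("SN-2"),
                    {"mpls": "10.0.2.1", "internet": "198.51.100.2"}, ["10.2.0.0/24"]),
        "BR3": Edge("BR3", "SN-3", sign_serial("SN-3"),
                    {"internet": "198.51.100.3"}, ["10.3.0.0/24"]),
        # unknown serial with a forged signature: must be refused by vBond
        "ROGUE": Edge("ROGUE", "SN-9", "0" * 64, {"internet": "203.0.113.9"}, ["10.9.0.0/24"]),
    }
    results = {name: vbond.onboard(e) is not None for name, e in edges.items()}
    return edges, results


if __name__ == "__main__":
    edges, results = build_fabric()
    for name, ok in results.items():
        print(name, "admitted" if ok else "refused", sorted(edges[name].tunnels))
```

Two things worth noticing when running it: BR1's hand-typed configuration disappears the moment vManage pushes the template (the behaviour the transcript warns about), and BR3, which has only an internet circuit, gets a tunnel entry to BR1 over the internet but not over MPLS, because tunnels are only formed on transports both ends share. The unknown device never receives routes or tunnel peers, since vBond refuses it before vSmart ever hears about it.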
The Benefits of Adopting SD-WAN
- Centralized control: In contrast to the distributed nature of traditional routing, the control, management, and orchestration planes in SD-WAN are centralized.
- Application priority: SD-WAN takes an application-centric approach to traffic priority, rather than the packet-centric approach of traditional routing.
- Overlay network options: While traditional routing largely relies on MPLS as its overlay, SD-WAN can run its overlay over MPLS or over other transports using IPsec tunnels.
- Improved utilization: Automated IPsec tunnels, and the security they provide, make the internet a viable WAN transport, improving overall link utilization.
- Enhanced analytics: Along with automation, SD-WAN supports analytics features that give granular insight into traffic and utilization patterns.
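The "application priority" point above is easiest to see as a path-selection rule: each application class carries an SLA, the overlay measures each tunnel, and the edge picks the transport per application rather than per packet. The following Python sketch is an added example, not code from the post or from any SD-WAN product; the application classes, SLA thresholds and probe measurements are all constructed.

```python
"""Application-aware path selection over an SD-WAN overlay: an added example,
not code from the post or any vendor. The per-application SLA policy and the
probe measurements below are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PathStats:
    transport: str       # "mpls" or "internet"
    latency_ms: float    # as measured by tunnel probes (constructed values)
    loss_pct: float
    up: bool = True


# Constructed policy: the SLA each application class must get and the
# preferred transport order when more than one path meets it.
APP_POLICY = {
    "voice": {"max_latency_ms": 150, "max_loss_pct": 1.0, "prefer": ["mpls", "internet"]},
    "saas":  {"max_latency_ms": 300, "max_loss_pct": 3.0, "prefer": ["internet", "mpls"]},
    "bulk":  {"max_latency_ms": None, "max_loss_pct": None, "prefer": ["internet", "mpls"]},
}


def meets_sla(policy, path):
    lat, loss = policy["max_latency_ms"], policy["max_loss_pct"]
    return (lat is None or path.latency_ms <= lat) and (loss is None or path.loss_pct <= loss)


def select_path(app, paths):
    """Return the transport to use for `app`, or None when no tunnel is up.

    Paths that meet the SLA are preferred; if none does, any live path is
    accepted rather than dropping the traffic, which is the usual fallback."""
    policy = APP_POLICY[app]
    live = [p for p in paths if p.up]
    candidates = [p for p in live if meets_sla(policy, p)] or live
    if not candidates:
        return None
    rank = {t: i for i, t in enumerate(policy["prefer"])}
    best = min(candidates, key=lambda p: (rank.get(p.transport, len(rank)), p.latency_ms))
    return best.transport


if __name__ == "__main__":
    probes = [PathStats("mpls", 20, 0.0), PathStats("internet", 40, 0.5)]
    for app in APP_POLICY:
        print(app, "->", select_path(app, probes))
```

With both circuits healthy, voice stays on MPLS while SaaS and bulk traffic take the internet, which is exactly the "2 Mbps of MPLS, the rest internet" split the transcript describes. When the internet tunnel starts losing packets, SaaS moves back to MPLS while bulk traffic, which has no SLA, stays put; when MPLS is down, voice falls over to the internet rather than being dropped.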
To sum up, the transition to SD-WAN is inevitable as businesses gravitate towards the cloud and internet-centric operations. But remember, context is king when deciding between MPLS and SD-WAN. Ultimately, it's about choosing the solution that effectively addresses your networking needs.
Have any queries? Feel free to get in touch, and let’s explore the fascinating world of SD-WAN together.
Video Transcription
Welcome, guys. My name is Aha. I've been working with many service provider organizations, and I have about 10 years of experience. So here I'm going to introduce you to SD-WAN, basically the evolution of how we got into SD-WAN, and the myths that people generally have in regards to SD-WAN. So quickly, let me share my screen if I can. So I'm going to explain to you today the evolution of SD-WAN, how we got into SD-WAN, and how we used to have our traditional routing. So earlier, generally, we used to have MPLS, or people used to have MPLS connectivity for their secure network. And the internet was being avoided because there was no such use, and the security parameter was on the lower grade. So we used to have the MPLS VPN connectivities, to have IPsec tunnels over the internet. So while you are having the MPLS connectivities, whenever we want to access from one site to another, say this is the branch site, we want to have, you know, we want branch one to talk to branch two.
Then it used to have this data center. It used to reach the data center, and then there must be some kind of firewall or something to check the security level. And then it used to reach the internet; we used to have an internet breakout, and then we used to connect to the internet applications, or via the DC, spoke to spoke. So this was the connectivity; there was no option of branch one to branch two direct connectivity. So this was the major drawback that we were having earlier. But this was the setup that was there. So it was only about, you know, connecting sites from a remote or regional data center using the internet or MPLS. And MPLS was the preferred way that we were having, the preferred transport. Applications were generally on local machines. Now we have many applications on the cloud. So they are having applications on a cloud. And the router was there and used to connect through MPLS or the internet, whatever connectivity is there. Now, nowadays, what we have is that it's not only about connecting routers; it's about the applications that are hosted in the cloud rather than on the local machines. And also there are many applications that are moving. So internet access is required.
And of course, we need less latency and delay. The latency should be less, because that was all about MPLS. Now, Cisco also started its own Intelligent WAN, IWAN, for this. But then SD-WAN came into the market, and primarily, when we say Cisco SD-WAN, Viptela was the organization that started SD-WAN, and Cisco took over that organization, and now Cisco SD-WAN is Viptela SD-WAN. So in a traditional WAN, if we have say 5 to 10 sites and they need to expand, they need to deploy more sites, then what we need to do generally is configure as many of those routers, and we need to have the manpower for that, and we need to put route export, import, the policy maps, et cetera on all the routers separately or manually.
So it increases the manual overhead and increases our time as well. And when we moved to SD-WAN, everything is managed centrally. So basically SDN includes two major parts, that is SD-Access and SD-WAN. So I'm not going to talk about SD-Access primarily. Today I'm going to talk about SD-WAN, and SD-WAN is like how to connect the branches through any kind of transport, be it MPLS, be it the internet. So the context for today is SD-WAN, and mainly SD-WAN has two main components that we call controllers and edge devices. It has edge devices, that is, it can be a vEdge router or a Cisco edge router, and we have controllers. Well, I'll talk about them later on. So right now the customer need has changed; there are IaaS services, SaaS services. We call it infrastructure as a service or software as a service. So the customer doesn't want to create his own infrastructure, and they would buy services from existing Amazon or Azure. So they would take access to that infrastructure and software service, like specifically, I would say, Office 365. Earlier it used to be hosted on a local machine, but now it's on the internet, it's on the cloud.
So there are many, many more applications along with that. So traditionally, traffic used to travel first to the DC, as we can see; it used to travel first to the DC and then it used to come back to the local device or the internet, wherever required. So it was inspected by the firewall and then it went to the internet. But now we can give direct internet access through the branch site, and there we can reduce the latency. So these are the major reasons why SD-WAN came into the picture and why it was evaluated. So we can say that the functionality is separated from the traditional devices; especially, we have different data planes, but those were all distributed in the traditional method, and now it's all centralized. So the controllers, as we say, are used to control the edge devices, the SD-WAN edge devices. Now there are many myths that MPLS will be obsolete after SD-WAN. And we used to, you know, compare; although yes, there is a comparison, we used to say that MPLS will be obsolete and will not be used.
But that's not true, because SD-WAN is the functionality that is used to manage all WAN devices from a centralized medium, a centralized plane, and that's it. But MPLS is basically a transport, like our internet, and it has an altogether different use case. But yes, from the customer point of view, MPLS will not be that much preferred, because maybe it will of course be used at the core, because it has cost and many other features; like, being an ISP, a service provider will use MPLS at the core. But when we talk about the access layer, the distribution layer, then the customer may opt for the internet after this SD-WAN evaluation. But yes, it depends on the requirement; specifically, the customer with a very large network, or if it's the share market or something which cannot have even a millisecond of downtime, then they would prefer MPLS. So "MPLS will no longer be required" is not true. But yes, the usage for general customers will be reduced. So maybe if a customer wants to use, maybe the customer is using 20 Mbps of circuit, they will now use 2 Mbps of MPLS and the rest, 30 Mbps, of internet, because the applications have moved.
Infra has moved, it's all on the internet, and how the security is, you know, kept intact, we'll discuss it. So as we checked earlier, SD-WAN has primarily controllers and edge routers. In controllers we have vManage, the vSmart controller, the vBond orchestrator, and vEdge routers. vEdge routers are specifically the hardware routers. So what happened was, in earlier traditional routing, every router used to have three planes: that is, the control plane, the data or forwarding plane, and the management plane. So they were distributed among all the routers present in the network. The management plane, you know, it used to tell how the device is being managed, like we have to SSH, Telnet, or use an aux cable or console, or if you want to use the SNMP protocol. So it's responsible for accessing, you know, how to take access of the router. So that was the use of the management plane. Then we had the data plane, the data plane or forwarding plane. So it was used to check how the data is being forwarded.
So whenever data used to come to a router, it was the job of the data plane to decapsulate it, to check the errors in the packet, to check the appropriate interface where it has to be sent, you know, with the destination IP address, and then encapsulate it again and send it.
So data is being forwarded via the data plane. So we can say anything that goes through the device has to use the data plane. And it used to make use of the data tables, you know, the routing table, adjacency table, or the route cache, to forward it. So it used to check all those things and then it used to decide what should be the destination port. Then we had the control plane; the control plane controls the data plane. So it's a CPU, and it holds the routing table; it stores all those things. If you are using spanning tree, then STP BPDUs; if you're using OSPF, then hello messages were exchanged via that, and the ARP cache. So all those things used to be stored in the control plane; that happens in the CPU. It will check and install the route table. Like, if there is a new route, you can see it will install it and it will create its new table, and then it will decide where the packet will travel. So this was the case in the traditional network.
Now, this is what we have: our SD-WAN. SD-WAN also has all these three planes; we have these three planes, but they are not distributed. They are centrally managed, centrally controlled; like vManage is a centralized management plane for all the devices. So what is the usage of vManage: that we will be able to manage the device. vSmart is a centralized control plane. But all this even traffic... there's the vBond orchestrator, that is different. It's of course not the data plane. The data plane is with the devices; the devices have the data plane. Now, if we connect two edge routers, it may have... OK. So just in case if we have two edge routers, and we call them vEdge or cEdge, the "c" that is Cisco. Cisco has updated its IOS, IOS XE or something; like we used to have ISRs. So those specifically updated images have SD-WAN functionality. And so some of the Cisco devices are also used for SD-WAN purposes. So we have either Viptela or Cisco. So it's vEdge devices or cEdge devices. So if we just connect these two devices, then it will not have a neighbor; it will not form any neighbor, because it has not gone through vSmart and vManage. It's not like the traditional Cisco routers we used to have; it's not that kind of router.
So they would need a routing table, and the routing table we would get through vSmart. That is our control plane. So we would need vSmart for all our routing information, routing exchange information. Then, also, if you are well versed with BGP, then for simplification we can say vSmart works just like a route reflector. A route reflector used to just send the routes: like it received routes from one router, it used to send the routes to the other routers, specifically in the scenario of iBGP. So similarly, what vSmart will do is the controller will simply take the route from R1. OK. That's it. So that way we can, you know, just take an example. So of course, the vEdges will run some kind of protocol; they'll have BGP, OSPF, whatever protocol, and they will give routes to vSmart and other devices. Now, vManage: to manage, we use vManage, and vManage is the management station. Once the devices are added, then vManage comes into the picture. To configure locally, we cannot do any kind of changes on these routers. Even anything can be done locally before adding; like, if we do not add it to vManage, we can locally do any kind of changes, take its control, any kind of configuration.
But once we connect it with vManage, then it will overwrite all the configuration that is there after adding, and the configuration will be pushed, which is being pushed by vManage. So we cannot do any kind of configuration manually. We need the centralized management plane; in this case, vManage. So now, let's see, I have not covered this vBond orchestrator. Let me come to this. vBond is just used to securely bring up the SD-WAN fabric on the network. We call it the vBond orchestrator. So once the devices reach out to vBond, once the devices are connected, they reach out to vBond, and vBond tells what's your vSmart, what's your vManage. It will tell the IP address: this is your vSmart. First, it'll do some kind of testing of certificates or anything. Then it will just tell that this is your vSmart. Let's say, for example, let me have another topology. OK. So let me... OK. This is data center one, and it has this, we call it vSmart, vManage. And it has... we have a router here. Then this data center has connectivity.
They do the internet; say we have MPLS, and we have here our edge routers, we have here remotely our edge routers; say we have a legacy device, a Cisco edge router, there's a legacy device, and say here we have one more router, and then we are connecting this to the internet, to MPLS, to the internet, to MPLS, to the internet, to MPLS.
And let's say it was connected to MPLS, and now we have moved it to SD-WAN. We have those images and we have upgraded it to SD-WAN. Now what will happen is, we have this scenario for now. Now whenever these devices, these vEdge devices, come up, they will contact vBond, they will form a tunnel with vBond, and then vBond will check what kind of certificate it has, what kind of authentication is required. And then vBond... First of all, when nothing is there, like this site is formed for the first time, then vBond, vManage, and vSmart form a tunnel with each other; they just form a tunnel with each other and they have connectivity. Now vBond knows who is my vManage, who is my vSmart. So it will pass on that information to the vEdge, and then the vEdge will have the tunnel with vManage and vSmart as well. For each of these sites, it will have connectivity.
Then once vManage gets, you know, hold of this device, then vManage will start giving the configuration that is already preconfigured, and this router will be configured. And once it has all the routing tables that will be shared by vSmart, that is the controller, it will share the routing table with this. When it has the routing table, it will get to know that I have more edge routers in my network, I also have more devices, 1, 2, 3, in my network. So what it will do is it will form the IPsec tunnel with the other edge routers as well. So when it forms, this is the IPsec tunnel, and this tunnel will be formed on all the available transports. That is, here we have MPLS and the internet. So it will form over MPLS and it will form over the internet as well. So this way, whenever the connectivity is required, one router will be able to connect to the other router without traversing through the data center. And all these changes can be done remotely, in a centralized way. Now, this is the typical deployment architecture that I have just shown you. These are, of course, the applications that are there on the cloud. And for that, we need this internet connectivity.
And then there are controllers; these are sites on the cloud, and this is the virtual private cloud, and we can connect all the legacy, all the branch, and the routers, whatever kind of routers are there. So this is a typical architecture of Viptela, that is the Cisco one. If we go for other vendors, there are many other vendors in the market. Let me check if there is something. OK. So there are many other vendors in the market. And Viptela is of course the Cisco SD-WAN; Cisco also has the Meraki SD-WAN. Meraki is majorly for the sites which have CCTV or they need wireless connectivity, more wireless connectivity. So that's, of course, for low cost. Then we have VMware VeloCloud SD-WAN, Silver Peak SD-WAN, Versa Networks, Nokia Nuage Networks. All these networks are the top-most networks. But of course, we have many more SD-WAN vendors. Apart from these, we can go to their websites, and of course they have different naming systems. The nomenclature is different, but their work is almost similar to the one that we have discussed. Now, as I've shown you the traditional WAN and SD-WAN architecture, if we compare those architectures, then what are the benefits that we get: like, the data plane... of course, we know that this is all distributed, and in SD-WAN it's all centralized, the planes are centralized. Now a packet-centric approach is for traffic priority.
However, in SD-WAN, it's an application approach to traffic priority. It uses overlay networks such as MPLS. Now in SD-WAN, whenever we have any kind of network, it's just an overlay; we have developed software so that we can access it. But the underlay is the same; the underlay is the transport that we require to connect the two sites, that is either MPLS or the internet. So the underlay is the same as traditional, but on the overlay we have added software. So here generally, as I mentioned, we used to have an MPLS overlay, but now we can use other overlay networks as well. WAN utilization, you know, had difficulties, especially with the internet, but now we have automated IPsec tunnels, and there is no, you know, fear of security, and its base is on the internet. And automation and analytics features were not supported. Yes. So analytics features are an added advantage that is being supported for SD-WAN. If the time is there, yes, I can show you the website that we have for [unclear], specifically for this. Let me open it. I can share it with you. It's the cloud SD-WAN. This is a [unclear] cloud. So this is the website wherein we can have... it's a dummy. It has a dummy thing and we can access it.
Let me show you; we can go through it. We can go to any region; it has various. And then at the very granular level we can check which customer is using which kind of traffic, and we can put filters into it as well. That is a feature available in SD-WAN. This has documents, but if we speak to the lab... OK, I'll send you the link of the lab, but it has a lab as well wherein we can... Exit for now. If you guys have any questions, you can go ahead. I believe there is no question for now. So leaving this for now. But just in case anyone has any query, you can drop me a message or catch me on LinkedIn. Thank you.